Interior admits security flaws in trust systems

Interior secretary Gale Norton told the Office of Management and Budget recently that the department's financial systems are riddled with security weaknesses, even after she had told the U.S. District Court for the District of Columbia last month that they were secure.

Norton's statements to OMB Sept. 8 in the department's Financial Management Report and Strategic Plan (FY 2004'FY 2008) came to light in a filing today by the plaintiffs in Cobell v. Norton. That seven-year-old litigation over Interior's mismanagement of American Indian trust funds hinges in large part on whether the department has secured the trust systems from hacking.

Several Interior systems remain disconnected from the Internet because of court orders issued in the case.

Norton wrote to OMB on Sept. 8 that Interior 'has not established access controls that limit or detect inappropriate access to information technology systems and related resources, thereby increasing the risk of unauthorized modification, loss or disclosure of sensitive or confidential data.'

Interior reported to OMB that American Indian trust fund data is 'unreliable, inaccurate and inconsistent, and trust systems have been inadequate to comprehensively process trust data and support investment activities,' according to the plaintiffs' filing.

Norton made a contrary statement in an Aug. 11 court filing, saying Interior's 'IT systems are secure, for purposes of Internet connectivity ' and sufficient security measures are presently in place to protect [against] unauthorized Internet access.'

Interior spokesman Dan Dubray said he could not comment on the plaintiffs' filing yet because he had not had an opportunity to review it.

The court first ordered Interior in December 2001 to sever its connections to the Internet after court contractors proved that American Indian trust accounts could be easily hacked. On July 28, the court reinstated its cutoff order and required the department to justify why it has reconnected of most of its systems to the Internet.

Interior responded Aug. 27 with a reconnection plan under which it would provide security details, including network maps, comparison with a list of the top 20 vulnerabilities of computer systems, a vulnerability assessment and penetration testing.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.